
Client Isolation

Is it the case that client isolation only works when using Separate Zone?  It doesn't seem to do anything for Bridge to LAN or Bridge to VLAN.


  • I guess that depends...I think the source MAC header of the wireless client is preserved when it traverses the AP and is only rewritten at a router.

    In my opinion, the best approach would be for the UTM to aggregate a list of the MACs of connected wireless clients across all APs, and then push that as an ACL back to all APs so that all traffic between clients is dropped at L2.

    I am no developer so maybe this isn't a feasible approach - just the way I see it in my network engineering "mechanics" brain ;)
  • I posted a suggestion that you might want to vote for: Enable Client Isolation on Bridge-to-LAN/VLAN SSIDs.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
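
The aggregated-MAC filter suggested in the first reply, sketched as an added example (not code from the thread's posters or from Sophos; every function name and MAC address below is constructed). It goes one step beyond the reply by treating broadcast/multicast frames separately, which is an assumption about how such a filter would keep ARP and DHCP working.

```python
# Hypothetical sketch: controller aggregates client MACs from all APs,
# each AP then filters bridged frames against that shared list.

def norm(mac):
    """Normalize a MAC to lowercase colon-separated form."""
    return mac.strip().lower().replace("-", ":")

def is_group(mac):
    """True for broadcast/multicast (I/G bit set in the first octet)."""
    return int(norm(mac).split(":")[0], 16) & 1 == 1

def aggregate_clients(associations):
    """Controller side: union of the client MACs reported by every AP."""
    return frozenset(norm(m) for macs in associations.values() for m in macs)

def decide(src, dst, wireless_clients):
    """AP side: verdict for one bridged frame, given the pushed MAC list."""
    src, dst = norm(src), norm(dst)
    if src not in wireless_clients:
        return "forward"      # wired host or gateway, not subject to isolation
    if is_group(dst):
        return "wired-only"   # ARP/DHCP still reach the LAN, not other clients
    if dst in wireless_clients:
        return "drop"         # client-to-client unicast, even across APs
    return "forward"          # client to wired host or gateway

# Constructed sample data (locally administered addresses).
GATEWAY = "02:00:00:00:00:01"
BROADCAST = "ff:ff:ff:ff:ff:ff"
ASSOC = {
    "ap1": ["02:00:00:00:01:0A", "02:00:00:00:01:0b"],
    "ap2": ["02-00-00-00-02-0a"],
}

if __name__ == "__main__":
    acl = aggregate_clients(ASSOC)
    local_only = frozenset(norm(m) for m in ASSOC["ap1"])
    frame = ("02:00:00:00:02:0a", "02:00:00:00:01:0a")  # ap2 client -> ap1 client
    print("ap1, local list only:", decide(*frame, local_only))
    print("ap1, aggregated list:", decide(*frame, acl))
    print("client -> gateway:   ", decide("02:00:00:00:01:0a", GATEWAY, acl))
    print("client -> broadcast: ", decide("02:00:00:00:01:0a", BROADCAST, acl))
```

The first two printed lines show the difference on a bridged SSID: an AP that only knows its own clients forwards a frame arriving over the LAN from another AP's client, while the aggregated list drops it.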